3 Data Link Layer
The main tasks of the data link layer are:
- Transfer data from the network layer of one machine to the network layer of another machine
- Convert the raw bit stream of the physical layer into groups of bits ("frames")

4 Two types of networks at the data link layer
- Broadcast Networks: All stations share a single communication channel
- Point-to-Point Networks: Pairs of hosts (or routers) are directly connected
Typically, local area networks (LANs) are broadcast and wide area networks (WANs) are point-to-point.

5 Local Area Networks
- Local area networks (LANs) connect computers within a building or an enterprise network
- Almost all LANs are broadcast networks
- Typical topologies of LANs are bus, ring, or star
- We will work with Ethernet LANs. Ethernet has a bus or star topology.

6 MAC and LLC
- In any broadcast network, the stations must ensure that only one station transmits at a time on the shared communication channel
- The protocol that determines who can transmit on a broadcast channel is called the Medium Access Control (MAC) protocol
- The MAC protocol is implemented in the MAC sublayer, which is the lower sublayer of the data link layer
- The higher portion of the data link layer is often called Logical Link Control (LLC)

10 Star Topology
Starting with 10Base-T, stations are connected to a hub in a star configuration.

11 Ethernet Hubs vs. Ethernet Switches
- An Ethernet switch is a packet switch for Ethernet frames. Buffering of frames prevents collisions. Each port is isolated and builds its own collision domain.
- An Ethernet hub does not perform buffering: collisions occur if two frames arrive at the same time.
[Figure: a hub and a switch, each with several attached stations]
A hub repeats every frame out of every port, so any attached station can observe all traffic on the segment; a switch forwards a unicast frame only to the port on which it has learned the destination MAC address.

12 Ethernet and IEEE 802.3: Any Difference?
There are two types of Ethernet frames in use, with subtle differences:
- "Ethernet" (Ethernet II, DIX (Digital-Intel-Xerox)): an industry standard from 1982 that is based on the first implementation of CSMA/CD by Xerox. Predominant version of CSMA/CD in the US.
- 802.3: IEEE's version of CSMA/CD from 1985. Interoperates with 802.2 (LLC) as higher layer.
Difference for our purposes: Ethernet and 802.3 use different methods to encapsulate an IP datagram. Ethernet II carries a 2-byte EtherType (0x0800 for IP) after the source address; 802.3 carries a 2-byte length there, followed by an 802.2 LLC header (and usually a SNAP header that repeats the type).
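The encapsulation difference above is easiest to see in a frame parser. The following is an added example, not code from the slides: it tells the two framings apart by the value of the 2-byte field after the source address (a length is at most 1500, an EtherType is at least 0x0600, and 1501..1535 is neither) and then locates the IP datagram in each. The MAC addresses and the 20 zero bytes standing in for an IPv4 header are constructed test data.

```python
"""Ethernet II vs. IEEE 802.3/802.2 framing: telling them apart and finding the IP datagram.

Added example, not code from the lecture slides. Both frame types begin with a
6-byte destination MAC, a 6-byte source MAC and a 2-byte field. In Ethernet II
that field is the EtherType (0x0800 = IPv4); in 802.3 it is the payload length,
at most 1500 (0x05DC). Values of 0x0600 and above are therefore EtherTypes, and
1501..1535 are undefined. An 802.3 payload starts with the 802.2 LLC header
(DSAP, SSAP, Control); with SNAP (DSAP = SSAP = 0xAA, Control = 0x03) a 3-byte OUI
and a 2-byte type follow, and that type identifies IP again.
"""
import struct

ETHERTYPE_IPV4 = 0x0800
MAX_8023_LENGTH = 0x05DC   # 1500 bytes
MIN_ETHERTYPE = 0x0600     # 1536; smaller values are 802.3 lengths


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_frame(frame: bytes) -> dict:
    """Return framing type, addresses, the EtherType (if any) and the payload."""
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    dst, src, type_or_len = struct.unpack("!6s6sH", frame[:14])
    info = {"dst": mac_str(dst), "src": mac_str(src)}

    if type_or_len >= MIN_ETHERTYPE:
        info["framing"] = "Ethernet II"
        info["ethertype"] = type_or_len
        info["payload"] = frame[14:]
        return info

    if type_or_len > MAX_8023_LENGTH:
        raise ValueError(f"type/length value {type_or_len:#06x} is neither a length nor a type")
    if len(frame) - 14 < type_or_len:
        raise ValueError("802.3 frame truncated: length field exceeds bytes present")
    llc = frame[14:14 + type_or_len]          # anything after that is padding
    if len(llc) < 3:
        raise ValueError("802.3 payload too short for an LLC header")
    dsap, ssap, control = llc[0], llc[1], llc[2]
    info.update({"framing": "IEEE 802.3/802.2", "dsap": dsap, "ssap": ssap})

    if dsap == 0xAA and ssap == 0xAA and control == 0x03:
        if len(llc) < 8:
            raise ValueError("SNAP header truncated")
        info["snap_oui"] = llc[3:6].hex()
        info["ethertype"] = struct.unpack("!H", llc[6:8])[0]
        info["payload"] = llc[8:]
    else:
        info["payload"] = llc[3:]             # non-SNAP LLC: no EtherType at all
    return info


def carries_ipv4(info: dict) -> bool:
    return info.get("ethertype") == ETHERTYPE_IPV4


def build_ethernet_ii(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    return struct.pack("!6s6sH", dst, src, ethertype) + payload


def build_8023_snap(dst: bytes, src: bytes, ethertype: int, payload: bytes) -> bytes:
    body = bytes([0xAA, 0xAA, 0x03]) + b"\x00\x00\x00" + struct.pack("!H", ethertype) + payload
    return struct.pack("!6s6sH", dst, src, len(body)) + body


# Constructed test data: two MACs and a zeroed 20-byte stand-in for an IPv4 header.
DST = bytes.fromhex("001122334455")
SRC = bytes.fromhex("66778899aabb")
IP_DATAGRAM = bytes(20)

if __name__ == "__main__":
    for frame in (build_ethernet_ii(DST, SRC, ETHERTYPE_IPV4, IP_DATAGRAM),
                  build_8023_snap(DST, SRC, ETHERTYPE_IPV4, IP_DATAGRAM)):
        info = parse_frame(frame)
        print(info["framing"], "carries IPv4:", carries_ipv4(info))
```

A parser that only checks for EtherType 0x0800 at offset 12 will silently drop IP carried in 802.3/SNAP frames, and one that trusts the length field without comparing it to the bytes actually present can be made to read past the frame.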

19 PPP Support Protocols
- Link management: The Link Control Protocol (LCP) is responsible for establishing, configuring, and negotiating a data-link connection. LCP also monitors the link quality and is used to terminate the link.
- Authentication: Authentication is optional. PPP supports two authentication protocols: Password Authentication Protocol (PAP) and Challenge Handshake Authentication Protocol (CHAP). PAP transmits the password in cleartext; CHAP transmits a one-way hash computed over a challenge from the authenticator and a shared secret.
- Network protocol configuration: PPP has network control protocols (NCPs) for numerous network layer protocols. The IP Control Protocol (IPCP) negotiates IP address assignments and other parameters when IP is used as the network layer.
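The difference between the two PPP authentication protocols is in what crosses the link. The following added example (not from the slides) builds a PAP Authenticate-Request per RFC 1334 and runs a CHAP Challenge/Response round trip per RFC 1994 with MD5, on both the peer and the authenticator side. The peer name, secret and identifier are made up for the demonstration.

```python
"""PPP authentication: PAP versus CHAP on the wire.

Added example, not code from the slides. Packet layouts follow RFC 1334 (PAP
Authenticate-Request) and RFC 1994 (CHAP Challenge/Response with MD5). The peer
name, secret and identifier values are constructed for the demonstration.
"""
import hashlib
import hmac
import os
import struct

PAP_AUTH_REQUEST = 1
CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2


def pap_authenticate_request(ident: int, peer_id: bytes, password: bytes) -> bytes:
    """RFC 1334: Code, Identifier, Length, Peer-ID-Length, Peer-ID, Passwd-Length, Password."""
    body = bytes([len(peer_id)]) + peer_id + bytes([len(password)]) + password
    return struct.pack("!BBH", PAP_AUTH_REQUEST, ident, 4 + len(body)) + body


def pap_password_in_clear(packet: bytes) -> bytes:
    """Anyone who sees the link traffic can read the password straight out of the packet."""
    peer_len = packet[4]
    pw_len = packet[5 + peer_len]
    return packet[6 + peer_len:6 + peer_len + pw_len]


def chap_challenge(ident: int, name: bytes, value_size: int = 16) -> bytes:
    """RFC 1994: Code, Identifier, Length, Value-Size, Value, Name. The value must be unpredictable."""
    value = os.urandom(value_size)
    body = bytes([value_size]) + value + name
    return struct.pack("!BBH", CHAP_CHALLENGE, ident, 4 + len(body)) + body


def chap_response_value(ident: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: MD5 over Identifier || secret || Challenge Value."""
    return hashlib.md5(bytes([ident]) + secret + challenge).digest()


def parse_chap(packet: bytes) -> tuple:
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet) or code not in (CHAP_CHALLENGE, CHAP_RESPONSE):
        raise ValueError("malformed CHAP packet")
    value_size = packet[4]
    return code, ident, packet[5:5 + value_size], packet[5 + value_size:length]


def chap_response(challenge_pkt: bytes, secret: bytes, name: bytes) -> bytes:
    """Peer side: hash the secret with the challenge; the secret itself never leaves the host."""
    code, ident, value, _ = parse_chap(challenge_pkt)
    if code != CHAP_CHALLENGE:
        raise ValueError("expected a Challenge")
    resp = chap_response_value(ident, secret, value)
    body = bytes([len(resp)]) + resp + name
    return struct.pack("!BBH", CHAP_RESPONSE, ident, 4 + len(body)) + body


def chap_verify(response_pkt: bytes, challenge_pkt: bytes, secrets: dict) -> bool:
    """Authenticator side: recompute the hash with the stored secret for the claimed name.
    CHAP therefore needs the plaintext (or plaintext-equivalent) secret on the server."""
    code, ident, value, name = parse_chap(response_pkt)
    ccode, cident, challenge, _ = parse_chap(challenge_pkt)
    if code != CHAP_RESPONSE or ccode != CHAP_CHALLENGE or ident != cident:
        return False
    secret = secrets.get(name)
    if secret is None:
        return False
    return hmac.compare_digest(value, chap_response_value(ident, secret, challenge))


def chap_exchange(secrets: dict, name: bytes, peer_secret: bytes, ident: int = 7) -> bool:
    """Run one Challenge/Response round trip and return the authenticator's verdict."""
    challenge_pkt = chap_challenge(ident, b"authenticator")
    response_pkt = chap_response(challenge_pkt, peer_secret, name)
    return chap_verify(response_pkt, challenge_pkt, secrets)


# Constructed demo credentials.
SECRETS = {b"alice": b"s3cret-phrase"}

if __name__ == "__main__":
    pap = pap_authenticate_request(1, b"alice", SECRETS[b"alice"])
    print("PAP password recovered from the packet:", pap_password_in_clear(pap))
    print("CHAP with correct secret:", chap_exchange(SECRETS, b"alice", b"s3cret-phrase"))
    print("CHAP with wrong secret:  ", chap_exchange(SECRETS, b"alice", b"wrong"))
```

Two caveats follow from the code: CHAP's resistance to replay rests entirely on the authenticator never reusing a challenge value, and the authenticator must hold each peer's secret in recoverable form, so a compromised authenticator leaks every secret it verifies.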

28 ARP Cache
Since sending an ARP request/reply for each IP datagram is inefficient, hosts maintain a cache (ARP cache) of current entries. The entries expire after a time interval.
Contents of the ARP cache:
(128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0
(128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0
(128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0
(128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1
(128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0
(128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0

29 Proxy ARP
Proxy ARP: A host or router responds to an ARP Request that arrives from one of its connected networks for a host that is on another of its connected networks.

30 Things to know about ARP
- What happens if an ARP Request is made for a non-existing host? Several ARP requests are made with increasing time intervals between requests. Eventually, ARP gives up.
- On some systems (including Linux) a host periodically sends ARP Requests for all addresses listed in the ARP cache. This refreshes the ARP cache content, but also introduces traffic.
- Gratuitous ARP Requests: A host sends an ARP request for its own IP address:
  - Useful for detecting if an IP address has already been assigned.
  - Also announces the sender's own IP-to-MAC mapping; neighbors that already hold an entry for that IP update it.

31 Vulnerabilities of ARP
1. Since ARP does not authenticate requests or replies, ARP Requests and Replies can be forged.
2. ARP is stateless: ARP Replies can be sent without a corresponding ARP Request.
3. According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields, if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies for ARP Request packets and for ARP Reply packets.)
Typical exploitation of these vulnerabilities: A forged ARP Request or Reply can be used to update the ARP cache of a remote system with a forged entry (ARP poisoning). This can be used to redirect IP traffic to other hosts.
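The three points above, and the cache shown on the ARP Cache slide, can be put together in one place. The following added example (not code from the slides) implements the RFC 826 packet format and the cache update rule quoted in point 3, then applies a forged Reply (point 2) and a forged Request (point 3) to a cache seeded with the slide's entries, and records what a monitor would notice. The local host's address, the attacker's address and the forged packets are constructed for the demonstration.

```python
"""ARP packets, the RFC 826 cache update rule the slides quote, and a poisoning check.

Added example, not code from the slides. SLIDE_CACHE reproduces the entries shown
on the ARP Cache slide; MY_IP/MY_MAC, the attacker's address and the forged
packets are constructed for the demonstration.
"""
import ipaddress
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
ARP_FMT = "!HHBBH6s4s6s4s"   # htype, ptype, hlen, plen, oper, sha, spa, tha, tpa


def mac_bytes(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper: int, sha: str, spa: str, tha: str, tpa: str) -> bytes:
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper,
                       mac_bytes(sha), ipaddress.IPv4Address(spa).packed,
                       mac_bytes(tha), ipaddress.IPv4Address(tpa).packed)


def parse_arp(pkt: bytes) -> dict:
    htype, ptype, hlen, plen, oper, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt[:28])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    return {"op": oper, "sha": mac_str(sha), "spa": str(ipaddress.IPv4Address(spa)),
            "tha": mac_str(tha), "tpa": str(ipaddress.IPv4Address(tpa))}


class ArpCache:
    """RFC 826 rule: if the sender IP is already in the table, overwrite its MAC, for
    Requests and Replies alike; if it is not but we are the target, add it.
    Nothing is authenticated, so the monitor only records what changed."""

    def __init__(self, my_ip: str, entries: dict):
        self.my_ip = my_ip
        self.table = {ip: mac.lower() for ip, mac in entries.items()}
        self.pending = set()      # IPs we have asked about and not yet heard back from
        self.alerts = []

    def send_request(self, ip: str) -> None:
        self.pending.add(ip)

    def receive(self, pkt: bytes) -> dict:
        a = parse_arp(pkt)
        if a["op"] == ARP_REPLY:
            if a["spa"] not in self.pending:   # point 2: nobody checks for a matching Request
                self.alerts.append(f"unsolicited reply for {a['spa']} from {a['sha']}")
            self.pending.discard(a["spa"])
        old = self.table.get(a["spa"])
        if old is not None:                    # point 3: any ARP packet updates an existing entry
            if old != a["sha"]:
                self.alerts.append(f"{a['spa']} moved from {old} to {a['sha']}")
            self.table[a["spa"]] = a["sha"]
        elif a["tpa"] == self.my_ip:
            self.table[a["spa"]] = a["sha"]
        return a


def macs_claiming_multiple_ips(table: dict) -> dict:
    """One MAC bound to several IPs is the usual footprint of a poisoned cache."""
    by_mac = {}
    for ip, mac in table.items():
        by_mac.setdefault(mac, []).append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


# Entries from the ARP Cache slide (interface names dropped).
SLIDE_CACHE = {
    "128.143.71.37": "00:10:4B:C5:D1:15", "128.143.71.36": "00:B0:D0:E1:17:D5",
    "128.143.71.35": "00:B0:D0:DE:70:E6", "128.143.136.90": "00:05:3C:06:27:35",
    "128.143.71.34": "00:B0:D0:E1:17:DB", "128.143.71.33": "00:B0:D0:E1:17:DF",
}
MY_IP, MY_MAC = "128.143.71.40", "00:b0:d0:e1:17:ff"              # constructed
ATTACKER_IP, ATTACKER_MAC = "128.143.71.99", "02:00:00:00:be:ef"  # constructed


def poisoning_demo() -> ArpCache:
    cache = ArpCache(MY_IP, {**SLIDE_CACHE, ATTACKER_IP: ATTACKER_MAC})
    # Forged Reply that was never requested: claims .37 lives at the attacker's MAC.
    cache.receive(build_arp(ARP_REPLY, ATTACKER_MAC, "128.143.71.37", MY_MAC, MY_IP))
    # Forged Request: the sender fields alone are enough to overwrite .36 as well.
    cache.receive(build_arp(ARP_REQUEST, ATTACKER_MAC, "128.143.71.36", "00:00:00:00:00:00", MY_IP))
    return cache


if __name__ == "__main__":
    c = poisoning_demo()
    print(*c.alerts, sep="\n")
    print("MACs bound to several IPs:", macs_claiming_multiple_ips(c.table))
```

The two checks in `receive` (a Reply with no outstanding Request, and an existing entry changing its MAC) are what host-based ARP monitors key on; the duplicate-MAC scan over the finished table is the offline equivalent for a cache dump like the one on the ARP Cache slide.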

33 What is a single-segment network?
A single-segment network consists of interfaces connected by a single physical link, either a point-to-point link or a broadcast link. Interfaces on the same single-segment network have the same network prefix.
[Figure: three single-segment networks, 128.195.1.0/24, 128.195.2.0/24 and 128.195.3.0/24, each with hosts (e.g. 128.195.1.100, 128.195.1.200) and a router interface 128.195.x.1]

34 How to identify a single-segment IP network
- Detach interfaces from routers or hosts
- Each isolated island is a single-segment IP network
- Each interface on the same single-segment IP network must have the same network address prefix
[Figure: the same topology with the router's interfaces 128.195.1.1, 128.195.2.1 and 128.195.3.1 detached, leaving three islands]
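The procedure above is a connectivity computation followed by a consistency check, and it is worth running against a real interface inventory rather than a diagram. The following added example (not code from the slides) treats every interface as a node and every physical link as the set of interfaces attached to it, finds the islands with union-find, and reports any island whose interfaces do not share one prefix. The topology is constructed to mirror the slide's figure (three /24s behind one router with .1 on each), plus one extra host, hostG, deliberately cabled into the wrong segment so the check has something to find.

```python
"""Find single-segment IP networks from a link list and check the common-prefix rule.

Added example, not code from the slides. Interfaces are nodes, links join the
interfaces attached to them, connected components are the single-segment networks,
and each component must share one network prefix. The topology is constructed to
mirror the slide's figure, with hostG added as a deliberate misconfiguration.
"""
import ipaddress

INTERFACES = {  # constructed to mirror the slide's figure
    "hostA": "128.195.1.100/24", "hostB": "128.195.1.200/24", "router.e0": "128.195.1.1/24",
    "hostC": "128.195.2.100/24", "hostD": "128.195.2.200/24", "router.e1": "128.195.2.1/24",
    "hostE": "128.195.3.100/24", "hostF": "128.195.3.200/24", "router.e2": "128.195.3.1/24",
    "hostG": "128.195.2.50/24",  # misconfigured: attached to the third link below
}
LINKS = [  # each list is the set of interfaces sharing one physical link
    ["hostA", "hostB", "router.e0"],
    ["hostC", "hostD", "router.e1"],
    ["hostE", "hostF", "router.e2", "hostG"],
]


def find_segments(interfaces: dict, links: list) -> list:
    """Union-find over links. Routers contribute interfaces, not connectivity,
    which is exactly the 'detach interfaces from routers' step of the slide."""
    parent = {name: name for name in interfaces}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for link in links:
        for other in link[1:]:
            parent[find(other)] = find(link[0])
    groups = {}
    for name in interfaces:
        groups.setdefault(find(name), []).append(name)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])


def audit(interfaces: dict, links: list) -> list:
    """Per segment: its interfaces, the prefixes seen, and whether there is exactly one."""
    report = []
    for seg in find_segments(interfaces, links):
        nets = {str(ipaddress.ip_interface(interfaces[n]).network) for n in seg}
        report.append({"interfaces": seg, "networks": sorted(nets), "consistent": len(nets) == 1})
    return report


if __name__ == "__main__":
    for entry in audit(INTERFACES, LINKS):
        flag = "ok " if entry["consistent"] else "BAD"
        print(flag, entry["networks"], entry["interfaces"])
```

A host on the wrong segment, like hostG here, cannot reach its own default gateway, and its ARP Requests are answered (if at all) only by a proxy-ARP router; the audit surfaces that before anyone debugs it by hand.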

35 Protocol specification vs. implementation
- According to the ARP protocol specification, a node receiving an ARP packet (Request or Reply) must update its local ARP cache with the information in the source fields, if the receiving node already has an entry for the IP address of the source in its ARP cache. (This applies for ARP Request packets and for ARP Reply packets.)
- Implementations may differ from the specification. On Linux, for example, whether an unsolicited ARP packet may create a new entry is governed by the net.ipv4.conf.*.arp_accept sysctl (off by default), while existing entries are still updated.
- What you observe in the lab may not be universally true.